App Certification in China

There are various certifications in China for protecting personal data in apps. The most important is the App Security Certification of the China Cybersecurity Review Technology and Certification Center (CCRC). It applies to apps of all service types, for example, apps developed and used in the smart home sector. However, there is one important requirement… Continue reading App Certification in China

IP Compliance Guidelines

The Shanghai Pudong New Area Procuratorate has released China’s first intellectual property rights (IPR) compliance guidelines. The goal is to highlight IPR-related risks and drive the establishment of a robust IP compliance system. IP compliance includes patents, trademarks, copyrights, and trade secrets. The guidelines distinguish IPR risks according to their level. For example, changes in… Continue reading IP Compliance Guidelines

China’s Strict IT Compliance Competes with RCEP

The world’s largest free trade agreement, the Regional Comprehensive Economic Partnership (RCEP), has been in effect since Jan. 1, 2022. It allows companies in participating countries to engage in cross-border partnerships, tariff reductions and trade simplification. Over the next 20 years, up to 90% of tariffs incurred in the zone are expected to be eliminated.… Continue reading China’s Strict IT Compliance Competes with RCEP

Legal Requirements for Vulnerability Management

For some time now, CIOs around the world have been busy fixing the Log4j2 vulnerability. From a technical perspective, there are solutions such as patches and system upgrades. However, vulnerability management is not just a technical issue in China; there are also legal requirements that companies must meet.  For example, service providers are required by… Continue reading Legal Requirements for Vulnerability Management

Cyber Security and Data Protection: What’s in Store for 2022?

The year 2021 was – not only, but also – a turbulent year in the areas of cyber security and data protection in China. In addition to increased enforcement of the Multi-Level Protection Scheme (MLPS) in China, the implementation of which has been legally binding for companies in China since 2017 (see our webinars), many… Continue reading Cyber Security and Data Protection: What’s in Store for 2022?

Data Export Security Assessment: All Data Processors Are Involved

With the enactment of China’s Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL), security management and assessment of cross-border data transfer became a key issue. Following these three laws, China’s Cyberspace Administration (CAC) published the Measures on Data Export Security Assessment (Draft for Comments) on October 29, 2021, which provides… Continue reading Data Export Security Assessment: All Data Processors Are Involved

The PIPL Requires Data Mapping of Personal Information

With the new Personal Information Protection Law (PIPL), the assessment of the impact on data subjects through the Personal Information Security Impact Assessment (PISIA) becomes the center of attention. PISIA assesses the legal compliance of current personal data processing, identifies the risks to data subjects, and evaluates the effectiveness of the data protection measures taken.… Continue reading The PIPL Requires Data Mapping of Personal Information

Is Your Personal Data Safe with Chatbots?

Chatbots are popular in China and are part of everyday digital life. They can be found in business as well as in society, for example in customer service or as social chatbots, a kind of virtual friend of the user. One example is the app XiaoIce, which now has more than 40 million registered users… Continue reading Is Your Personal Data Safe with Chatbots?

Regionalization: Avoiding Loss of Control

Many international companies are currently considering regionalizing their production and upstream supply chains for specific markets to a greater extent and making their subsidiaries in different world regions more independent of each other. The goal is to secure supply chains by deepening regional value creation and to better meet regional customer needs through regionally manufactured… Continue reading Regionalization: Avoiding Loss of Control

The Personal Information Protection Law (PIPL) Challenges Companies

After three revisions, China’s Personal Information Protection Law (PIPL), which has received much attention abroad, will come into force on November 1, 2021. It comprehensively protects personal data, going beyond the European General Data Protection Regulation (GDPR) – a milestone in Chinese legal history. Take Big Data price discrimination, for example: it refers to the… Continue reading The Personal Information Protection Law (PIPL) Challenges Companies